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Amendments to the Claims: 



This listing of claims will replace all prior versions, and listings, of claims in 
the application: 



Listing of Claims: 


Claim l 


(currently amended) 


Claim 2 


(cancelled) 


Claim 3 


(currently amended) 


Claim 4 


(currently amended) 


Claim 5 


(cancelled) 


Claim 6 


(currently amended) 


Claim 7 


(currently amended) 


Claim 8 


(currently amended) 


Claim 9 


(original) 



Claim 10 (currently amended) 
Claim 1 1 (currently amended) 
Claim 12 (currently amended) 
Claim 13 (new) 
Claim 14 (new) 
Claim 15 (new) 
Claim 16 (new) 
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1. (Currently Amended) A system for searching electronic data files stored in a 
data repository system, comprising: 

a communications environment housing 

(i) a first agent program for a depositor computer of an electronic data file 
in the data repository system which first agent program is a secure 

extension of the depositor computer and 

(ii) a second agent program for a first user computer with access privileges 
to the electronic data file which second agent program is a secure 

extension of the first user computer; 

a manifest for the electronic data file listing access controls for the electronic 
data file, the manifest being accessible to and maintained by the first agent program; 

a first record of the first user computer's access privileges to the electronic 
data file, the first record being accessible to and maintained by the second agent 
program; 

means to communicate changes to the manifest affecting the first user 
computer's access privileges to the electronic data file from the first agent program 
to the second agent program for updating the first record; and 

means for the first agent program to verify the first user computer's access 
privileges to the electronic data file before the electronic data file is released to the 
second agent program. 



2. (Cancelled) 
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3. (Currently Amended) The secure system, according to claim [[2]] 13, further 
comprising means for communicating the changes to the manifest affecting the first 
user computer's access privileges to the electronic data file from the second agent 
program to the first user computer. 

4. (Currently Amended) The secure system, according to claim [[2]] 3, further 
comprising: 

a third agent program for a second user computer with access privileges to 
the electronic data file which third agent program is a secure extension of the 
second user computer : and 

a second record of the second user computer's access privileges to the 
electronic data file, the record being accessible to and maintained by the third agent 
program, 

and wherein the means to communicate changes to the manifest affecting the 
first user computer's access privileges to the electronic data file from the first agent 
program to the second agent program for updating the first record, comprises means 
to communicate changes to the manifest affecting the second user computer's access 
privileges to the electronic data file from the first agent program to the third agent 
program for updating the second record; and 

wherein the means for the first agent program to verify the first user 
computer's access privileges to the electronic data file before the electronic data file 
is released to the second agent program, comprises means for the first agent 
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program to verify the second user computer's access privileges to the electronic 
data file before the electronic data file is released to the third agent program. 

5. (Cancelled) 

6. (Currently Amended) The secure system, according to claim [[5]] 4, further 
comprising means for communicating the changes to the manifest affecting the 
second user computer's access privileges to the electronic data file from the third 
agent program to the second user computer. 

7. (Currently amended) The secure system, according to claim [[5]] 4, wherein 
the communication environment comprises a server. 

8. (Currently amended) The secure system, according to claim [[5]] 4, further 
comprising an interface to the data repository system housed in the communications 
environment, the interface adapted to receive all communications to and from the 
data repository system and the agent programs. 

9. (Original) The secure system, according to claim 8, wherein the interface is a 
secure extension of the data repository system. 
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10. (Currently Amended) A process for maintaining a secure electronic data 
search system for [[an]] a third p arty electronic data repository which contains 
document data files encrypted to make them secure from the adrninistrator of the 
repository, the system having a manifest listing access controls for each electronic 
data file stored in the data repository and a record listing document access privileges 
for each computer with access to the electronic data stored in the repository but 
secure from the administrator of the repository, the process comprising the steps 
performed bv the documents o riginator of: 

updating a manifest for an electronic data file stored in the repository; 

identifying all computers with a change in access to the electronic data file 
effected by the update; 

communicating the change in access to all affected computes; 

updating the access privileges records of all affected computers; and 

communicating the updated access privilege records to the affected 
computers. 

11. (Currently Amended) A secure system for searching electronic data files 
stored in a data repository system in which the documents are encrypted to make 
them secure from the repository adrninistrator. comprising: 

means for a data file originator mamtaining a manifest listing access controls 
for each electronic data file stored in the data repository system; 
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means for restricting access to each manifest to a computer with deposit 
privileges for the electronic data file: 

means for maintaining a record listing access privileges of users of the data 
file to the electronic data files associated with each computer with access privileges 
to at least one electronic data file in the data repository system; 

means in the computer with deposit privileges for restricting access to each 
said record to the associated computer with access privileges; and 

means for updating the record associated with each computer affected by an 
access change in a manifest. 

12. (Currently Amended) A computer program product on a computer usable 
medium for mamtaining a secure electronic data search system for an electronic data 
repository which contains data files that are encrypted to maintain them secure from 
the repository administrator, the system having a manifest listing access controls for 
each electronic data file stored in the data repository and a record listing document 
access privileges for each computer with access to electronic data stored in the 
repository, the program product performed by the data files originator comprising: 

software for updating a manifest for an electronic data file stored in the 
repository; 

software for identifying all computers with a change in access to the 
electronic data file effected by the update; 

software for communicating the change in access to all affected computers; 
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software for updating the access privileges records of all affected computers; 

and 

software for communicating the updated access privilege records to the 
affected computers. 

13. (New) The system of claim 1, wherein the data repository system is a third 
party system where the documents are encrypted so that the administrator of the 
repository system does not have access to the documents in the clear. 

1 4. (New) A computer program product on a computer usable medium for 
mamtaining a secure electronic data search system for a third party electronic data 
repository in which electronic data file documents are stored in encrypted form in 
the data repository to prevent access by the repository administrator such a system 
having a record listing document access privileges for each computer with access to 
electronic data stored in the repository the program product comprising: 

software for updating a manifest for an electronic data file document stored in 
the repository; 

software for identifying all computers with access to the electronic data file 
document and for changing such access in an update software for communicating 
the change in access to all affected computers; 

software for updating access privileges records in all affected software; and 
software for communicating the access privilege records to the affected 
computers. 
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1 5. (New) The computer program product of claim 14, wherein the originators of 
the electronic data files, users of the electronic data files and the repository 
administrator all have vaults which are secure extensions of their respective work 
space. 




16. (New) The computer program product of claim 15 including: 

software in the vault of the document originator to encrypt a document that it 
receives from the originator, prior to forwarding it on to the vault of the repository; 

software in the vault of the repository administrator which on receipt of the 
encrypted document, signs the encrypted document itself before storing the 
document in the electronic repository and returns to the originator's vault proof of 
deposition of the encrypted document; 

software in the vault of a requesting user to the repository's vault to request 
use of the requested document; 

software in repository's vault to retrieve a copy of the document in encrypted 
form which is forwarded, along with the requester's identity, to the originator's 
vault; 

software in the originator's vault to verify that the requester is authorized to 
view the document from the access control list using an access control list 
identifying access ownership privileges for the document stored in the vault itself; 

software in the originator's vault when the requester has access to decrypt the 
document and forward the decrypted document directly to the requester's vault; and 

software in the requester's vault to provide proof of receipt of the decrypted 
document. 
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